Analysis
max time kernel: 93s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20250217-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250217-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/03/2025, 23:07
Behavioral task: behavioral1
Sample: JaffaCakes118_67bf34a2c6c54fd8a180415b5a59dd4f.dll
Resource: win7-20250207-en
Behavioral task: behavioral2
Sample: JaffaCakes118_67bf34a2c6c54fd8a180415b5a59dd4f.dll
Resource: win10v2004-20250217-en
General
Target: JaffaCakes118_67bf34a2c6c54fd8a180415b5a59dd4f.dll
Size: 88KB
MD5: 67bf34a2c6c54fd8a180415b5a59dd4f
SHA1: d180c8ba3cd3bfbc90faa5eba4c465baa088af03
SHA256: 422f07bacd2d5f97847aa6b71d02e8e0db54b4d9d2fa4e6a9b99063eafc5ac45
SHA512: fdc19ec971ce34fdea982d29fa238b71682d0b1e1fa1342ada94fc4c2b255e15ad6175af56756ba436a5a3dc445968c31e51e489dee39358b49c99c8fb8b02df
SSDEEP: 1536:0Im31WEbcOdeTIDehycWC/f74eU3XBZsU9t2reOv3/Bk:0d1cIeTIKhyBCn74eWXBZsU9tueOv3/G
Malware Config
Signatures
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: rundll32.exe
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 316 wrote to memory of 4468 | 316 | rundll32.exe | 84
PID 316 wrote to memory of 4468 | 316 | rundll32.exe | 84
PID 316 wrote to memory of 4468 | 316 | rundll32.exe | 84
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_67bf34a2c6c54fd8a180415b5a59dd4f.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID: 316
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_67bf34a2c6c54fd8a180415b5a59dd4f.dll,#12⤵
- System Location Discovery: System Language Discovery
PID: 4468